WebMvcSecurityConfiguration$CompositeFilterChainProxy]: Constructor threw exception-前端-CSS教程

WebMvcSecurityConfiguration$CompositeFilterChainProxy]: Constructor threw exception

在参考spring-authorization-server的入门时根据Defining Required ***ponents配置完SecurityConfig.java，启动时没有问题，但把注解@EnableWebSecurity设置为@EnableWebSecurity(debug = true)时：

@Configuration
@EnableWebSecurity(debug = true)
public class SecurityConfig {
......
}

应用启动报错：

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain': Failed to instantiate [org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$***positeFilterChainProxy]: Constructor threw exception
	at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:318) ~[spring-beans-6.1.3.jar:6.1.3]
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:306) ~[spring-beans-6.1.3.jar:6.1.3]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1354) ~[spring-beans-6.1.3.jar:6.1.3]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1191) ~[spring-beans-6.1.3.jar:6.1.3]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:561) ~[spring-beans-6.1.3.jar:6.1.3]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:521) ~[spring-beans-6.1.3.jar:6.1.3]
	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:325) ~[spring-beans-6.1.3.jar:6.1.3]
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[spring-beans-6.1.3.jar:6.1.3]
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:323) ~[spring-beans-6.1.3.jar:6.1.3]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-6.1.3.jar:6.1.3]
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:312) ~[spring-beans-6.1.3.jar:6.1.3]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-6.1.3.jar:6.1.3]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:975) ~[spring-beans-6.1.3.jar:6.1.3]
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:959) ~[spring-context-6.1.3.jar:6.1.3]
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:624) ~[spring-context-6.1.3.jar:6.1.3]
	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:146) ~[spring-boot-3.2.2.jar:3.2.2]
	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:754) ~[spring-boot-3.2.2.jar:3.2.2]
	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:456) ~[spring-boot-3.2.2.jar:3.2.2]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:334) ~[spring-boot-3.2.2.jar:3.2.2]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1354) ~[spring-boot-3.2.2.jar:3.2.2]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1343) ~[spring-boot-3.2.2.jar:3.2.2]
	at org.issue.example.spring.SecurityApplication.main(SecurityApplication.java:10) ~[classes/:na]

抛错代码位置，是在创建***positeFilterChainProxy对象时，构造方法中调用findFilterChainProxy方法时报错，没有匹配的FilterChainProxy对象。

private static FilterChainProxy findFilterChainProxy(List<? extends Filter> filters) {
	for (Filter filter : filters) {
		if (filter instanceof FilterChainProxy fcp) {
			return fcp;
		}
	}
	throw new IllegalStateException("Couldn't find FilterChainProxy in " + filters);
}

经调试分析，在设置注解为@EnableWebSecurity时，调用findFilterChainProxy方法时参数filters集合中确实包含FilterChainProxy，但设置注解为@EnableWebSecurity(debug = true)时，参数filters集合中不包含FilterChainProxy，对应FilterChainProxy的对象变成了DebugFilter。后通过查看源码发现：

BeanDefinition filterChainProxy = registry
					.getBeanDefinition(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME);

BeanDefinitionBuilder hmiCacheFilterBldr = BeanDefinitionBuilder
	.rootBeanDefinition(HandlerMappingIntrospectorCachFilterFactoryBean.class)
	.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);

ManagedList<BeanMetadataElement> filters = new ManagedList<>();
filters.add(hmiCacheFilterBldr.getBeanDefinition());
filters.add(filterChainProxy);
BeanDefinitionBuilder ***positeSpringSecurityFilterChainBldr = BeanDefinitionBuilder
	.rootBeanDefinition(***positeFilterChainProxy.class)
	.addConstructorArgValue(filters);

在***positeFilterChainProxy bean的定义时，构造参数filters集合的第二个元素对象filterChainProxy，对应的beanName：AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME（对应"springSecurityFilterChain"）在初始化时，如果debug = true时返回的对象为DebugFilter，debug = false时返回的对象为FilterChainProxy：

......
Filter result = filterChainProxy;// FilterChainProxy对象
if (this.debugEnabled) {
	this.logger.warn("\n\n" + "********************************************************************\n"
			+ "**********        Security debugging is enabled.       *************\n"
			+ "**********    This may include sensitive information.  *************\n"
			+ "**********      Do not use in a production system!     *************\n"
			+ "********************************************************************\n\n");
	result = new DebugFilter(filterChainProxy);
}
......

后再spring-security issues中反馈BUG，得到了反馈，官方让参考：https://github.***/spring-projects/spring-security/issues/14370。问题已解决并提交在main分支上对应版本为6.3.0-M1：https://github.***/spring-projects/spring-security/***mit/7cd626fe2569346b945feec40fa16f231a558fde。

如何使用此版本需要添加相关repository，才能把依赖的jar更新下来，maven pom.xml中配置repository如下：

<repositories>
    <!-- Spring Snapshot存储库 -->
    <repository>
        <id>spring-milestone</id>
        <name>Spring Milestone Repository</name>
        <url>https://repo.spring.io/milestone</url>
    </repository>
    <!-- Spring Milestone存储库 -->
    <repository>
        <id>spring-milestone</id>
        <name>Spring Milestone Repository</name>
        <url>https://repo.spring.io/milestone</url>
    </repository>
</repositories>

转载请说明出处内容投诉
CSS教程_站长资源网 » WebMvcSecurityConfiguration$CompositeFilterChainProxy]: Constructor threw exception

谢生

分享到：

谢生

相关推荐

发表评论

一个令你着迷的主题！